Facebook’s data privacy practices scrutinized by US, EU authorities

DECEMBER 2, 2011 – Facebook’s ability to protect user data, which can sometimes inform market research, has been called into question by critics. Facing complaints that it had “deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public,” the company agreed to settle with the Federal Trade Commission, the agency said in a statement.

According to the FTC, the points against the social networking site included the claim that it changed the website without warning in December 2009, making some users’ private information public. Additionally, applications installed by Facebook members gave third parties access to much more information than was actually needed, although Facebook indicated otherwise, the agency said.

“Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users,” stated Jon Leibowitz, chairman of the FTC. “Facebook’s innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not.”

The proposed settlement includes a requirement that consumers expressly agree to any changes to privacy preferences, that no one can access material on an account more than 30 days after it has been deleted and that Facebook must have third parties conduct audits of its privacy program every two years for the next two decades.

On November 29, the same day the FTC released its announcement, Facebook founder Mark Zuckerberg published a post on the company’s official blog reiterating its “commitment to the Facebook community.”

He wrote that it was important that all users have control over what information they share with their friends and the public, and admitted that Facebook has “made a bunch of mistakes” over the years.

“Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected,” Zuckerberg wrote. “It’s important for people to think about this, and not one day goes by when I don’t think about what it means for us to be the stewards of this community and their trust.”

He added that the privacy agreements the FTC has made with Facebook, Twitter and Google were building a framework for how companies everywhere should approach privacy. Zuckerberg also announced two new corporate positions to ensure that Facebook fulfills its commitment to FTC and its users – one chief privacy officer each to oversee both policy and products.

Facebook is getting battered in Europe too. The European Commission recently started working on an update to its data protection policies, which could impact how Facebook collaborates and does business with marketers on the continent.

BusinessWeek reports that the EU Justice Commissioner, Viviane Reding, is working to give data-protection agencies more power to take punitive action if a privacy law has been “seriously breached,” rather than only being able to suggest that the data controller take care of the problem.

“As companies operate across borders in Europe, the data protection rules and their enforcement must be more consistent,” Reding said, as quoted by the news outlet.

The measure would be beneficial to consumers, but would also make the process of getting corporate privacy policies approved much easier, according to PC magazine. Creating a single data protection authority to give the go-ahead on an internet company’s privacy protocol drafts is among Reding’s proposed rules, the source says. The new regulations would update the EU data protection laws, which were created when the internet was first taking hold in 1995.